Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2004-2548

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

  • Published: Dec 31, 2004
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-2548
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
netwin / surgemail - 2.0a2.x
netwin / surgemail 1.8f 1.8f.x
netwin / webmail 3.1d 3.1d.x
netwin / surgemail 1.8d 1.8d.x
netwin / surgemail 1.8b3 1.8b3.x
netwin / surgemail 1.8g3 1.8g3.x
netwin / surgemail 1.8a 1.8a.x
netwin / surgemail 1.9 1.9.x
netwin / surgemail 1.9b2 1.9b2.x